Technology Sharing

한어Русский языкEnglishFrançaisIndonesianSanskrit日本語DeutschPortuguêsΕλληνικάespañolItalianoSuomalainenLatina

1. Working mode of 80x86 processor

1.1 Real Mode

Real Mode Overview

Real Mode is the earliest working mode supported by the 80x86 processor and is also the most basic working mode. Real Mode is mainly used in the early MS-DOS operating system and other simple operating environments. In Real Mode, the processor can directly access 1MB of physical memory space. This mode is fully compatible with the working mode of the 8086 processor, hence the name "Real Mode".

Features of real mode

1. Address space restrictions

   • In real mode, the processor can only access 1MB of memory space (from 0x00000 to 0xFFFFF).
   • The memory space limitation is due to the 20-bit address bus.

2. Segment address and offset address

   • Real mode uses segment:offset for memory addressing.
   • The segment address is multiplied by 16 (i.e. shifted left 4 bits) and added to the offset address to form a 20-bit physical address.
   • For example, the segment address is 0x1234 and the offset address is 0x5678, then the physical address is: physical address = (0x1234×16) + 0x5678 = 0x12340 + 0x5678 = 0x179B8text{physical address} = (0x1234 times 16) + 0x5678 = 0x12340 + 0x5678 = 0x179B8physical address = (0x1234×16) + 0x5678 = 0x12340 + 0x5678 = 0x179B8

3. No memory protection

   • There is no memory protection mechanism in real mode, and programs can arbitrarily access the entire 1MB memory space, including the operating system area and the areas of other programs.
   • This may cause programs to interfere with each other and easily lead to system crashes.

4. Direct hardware access

   • Real mode allows direct access to hardware devices and I/O ports.
   • In real mode, programs can interact with hardware devices directly using I/O instructions such as IN and OUT.

5. Interrupts and processor initialization

   • Real mode supports hardware interrupts and software interrupts, which are managed using the Interrupt Vector Table (IVT).
   • The interrupt vector table is stored in the lowest 1KB area of ​​​​memory (from 0x00000 to 0x003FF).
   • After the processor is powered on or reset, it automatically enters real mode and starts executing code from address 0xFFFF0.

6. Restrictions on executable code

   • The size of the executable code segment in real mode is limited. Usually, a code segment is a maximum of 64KB (0x0000 to 0xFFFF).

Real mode memory layout

In real mode, the memory layout usually consists of the following parts:

1. BIOS Area

   • Upper memory (from 0xF0000 to 0xFFFFF) is usually used to store BIOS code and data.
   • At power-on or reset, the processor begins executing BIOS code at 0xFFFF0.

2. Interrupt vector table

   • The lowest 1KB area of ​​memory (from 0x00000 to 0x003FF) stores the interrupt vector table.
   • Each interrupt vector occupies 4 bytes (2-byte segment address and 2-byte offset address).

3. Operating systems and applications

   • The remaining memory area is used to store operating system code, application code, and data.

1.2 Protection Mode

Overview

Protected Mode is an advanced working mode introduced by 80x86 processors. Compared with real mode, it provides more powerful memory management and protection functions. Protected Mode was first introduced on 80286 processors and was further expanded and enhanced on 80386 and later processors.

Features of protected mode

1. Expanded memory address space

   • Protected mode supports a 24-bit or 32-bit address bus, capable of accessing 4GB of physical memory space (on 80386 and later).
   • Memory management uses segment selectors and segment descriptors, allowing more complex memory layout and management.

2. Memory protection

   • Through segment descriptors and page tables, protected mode can implement memory protection to prevent programs from illegally accessing the memory of other programs or the operating system.
   • Supports code and data segments with different privilege levels (0 to 3) to achieve isolation between user mode and kernel mode.

3. Paging mechanism

   • Supports paging mechanism, maps virtual addresses to physical addresses through page tables, and further enhances memory management capabilities.
   • The page size is usually 4KB, but larger pages (such as 4MB) are also supported.

4. Hardware-supported multitasking

   • Provides hardware-supported multi-task switching, including Task State Segment (TSS) and Task Register.
   • Supports Task Gate for switching and protection between tasks.

5. Enhanced interrupt and exception handling

   • In protected mode, the Interrupt Descriptor Table (IDT) is used to manage interrupts and exception handling.
   • IDT supports gate descriptors, including interrupt gates, trap gates, and task gates.

6. Virtual Memory

   • Supports virtual memory and implements virtual address space through paging mechanism, so that programs can use address space larger than actual physical memory.

Protected Mode Memory Management

1. Segment selectors and segment descriptors

   • Each segment selector points to a segment descriptor, which contains the segment base address, segment limit, and segment attributes (such as permissions and type).
   • Segment selectors and segment descriptors are managed by the Global Descriptor Table (GDT) and the Local Descriptor Table (LDT).

2. Paging mechanism

   • The paging mechanism divides the virtual address into page directory, page table and page frame.
   • Through the page directory and page table, the virtual address is mapped to the physical address to achieve memory protection and management.

Protected Mode Applications

Protected mode is widely used in modern operating systems, such as Windows, Linux, Unix, etc. They use the characteristics of protected mode to implement advanced functions such as multi-tasking, multi-user and memory protection. Through protected mode, the operating system can effectively manage hardware resources and provide a stable and secure operating environment.

Protected mode is the foundation of modern operating systems and applications, making full use of the advanced features of 80x86 processors and improving system stability and security.

1.3 Virtual 8086 Mode

Virtual 8086 Mode Overview

Virtual 8086 Mode is a special mode provided by the 80x86 processor in protected mode, allowing the processor to run 8086 programs as if they were executed in real mode. This mode is mainly used for backward compatibility, allowing old DOS programs to run on modern operating systems (such as Windows and Linux) without leaving protected mode.

Features of Virtual 8086 Mode

1. Real mode compatibility

   • Virtual 8086 mode allows the processor to simulate the operating environment in real mode, supporting the 8086 instruction set and address space.
   • The processor can execute 8086 programs in protected mode while still retaining the features and advantages of protected mode.

2. Paging and protection mechanisms

   • In virtual 8086 mode, the processor can still use the paging mechanism of protected mode to implement virtual memory and memory protection.
   • Through the page table, the address space in virtual 8086 mode can be mapped to physical memory, providing memory isolation and protection.

3. Interrupt and exception handling

   • Virtual 8086 mode supports interrupt and exception handling, which can be managed through the protected mode interrupt descriptor table (IDT).
   • Interrupts and exceptions can be handled by a virtual 8086 monitor (usually the operating system kernel), ensuring system stability and security.

4. Hardware virtualization support

   • Some modern processors provide hardware-supported virtualization technology that can implement virtual 8086 mode more efficiently.
   • For example, Intel's VT-x and AMD's AMD-V technologies can provide hardware-accelerated virtualization support to improve performance.

Memory management in virtual 8086 mode

1. Segment:Offset Addressing

   • In virtual 8086 mode, the memory addressing method is the same as that in real mode, using the segment:offset method.
   • The segment address and offset address together form a 20-bit physical address, which can access up to 1MB of memory space.

2. Paging mechanism

   • The virtual 8086 mode supports a paging mechanism that can map a 20-bit real mode address to a virtual address space in protected mode.
   • Through the page table, memory protection and isolation can be achieved to prevent programs in virtual 8086 mode from illegally accessing other memory areas.

Application of virtual 8086 mode

1. Running Old DOS Programs

   • Virtual 8086 mode is mainly used to run old DOS programs and applications to provide backward compatibility.
   • In modern operating systems, some old programs that must be executed in real mode can be run through virtual 8086 mode.

2. Virtual machines and emulators

   • Some virtual machines and emulators use virtual 8086 mode to implement support for older operating systems and software.
   • For example, emulators such as DOSBox simulate the DOS environment through virtual 8086 mode, allowing users to run classic DOS games and applications.

Limitations of Virtual 8086 Mode

1. Memory address space

   • In virtual 8086 mode, programs can only access 1MB of memory address space, which is limited by real mode.

2. Performance overhead

   • The implementation of virtual 8086 mode requires the support of protected mode, which may bring certain performance overhead.
   • Interrupt and exception handling requires the intervention of the virtual 8086 monitor (operating system kernel), which increases the processing complexity.

3. Hardware limitations

   • Not all hardware fully supports Virtual-8086 mode, and some hardware features might not be available in Virtual-8086 mode.

Summarize

Virtual 8086 mode is a special mode provided by the 80x86 processor in protected mode, mainly for backward compatibility with old DOS programs. Through virtual 8086 mode, the processor can simulate the real mode operating environment in protected mode while retaining the characteristics and advantages of protected mode. This mode is widely used in running old software, virtual machines and emulators.

2. Windows Memory Management

2.1 Memory arrangement of DOS operating system

The memory management of the DOS (Disk Operating System) operating system is mainly based on the real mode memory model of the 8086/8088 processor. The memory address space in real mode is 1MB, from 0x00000 to 0xFFFFF. This 1MB address space is divided into several major areas, each with a specific purpose. The following is a detailed introduction to the memory arrangement of the DOS operating system.

Real mode memory model

In real mode, memory addresses are accessed by combining segment addresses and offset addresses into a 20-bit physical address. The segment address is shifted left by 4 bits and added to the offset address to form the actual physical address.

Memory layout

The layout of 1MB of memory space in real mode is roughly as follows:

1. Interrupt Vector Table (IVT): 0x00000 - 0x003FF

   • Occupies 1KB (256 vectors, 4 bytes each).
   • Stores the entry address and related information of the interrupt service program.

2. BIOS Data Area (BDA): 0x00400 - 0x004FF

   • About 256 bytes.
   • Stores system and hardware device parameters, such as hard disk, serial port, parallel port, etc.

3. Traditional memory (conventional memory): 0x00500 - 0x9FFFF

   • 640KB, mainly used for DOS operating system, DOS application programs and permanent memory programs (TSRs).
   • Can be used as program code, data, stack, etc.

4. Display buffer: 0xA0000 - 0xBFFFF

   • The memory area used by the display adapter.
   • 0xA0000 - 0xAFFFF: 64KB, usually used for EGA/VGA graphics card graphics mode.
   • 0xB0000 - 0xB7FFF: 32KB, typically used for monochrome display adapters (MDAs).
   • 0xB8000 - 0xBFFFF: 32KB, usually used for color text display (CGA, EGA, VGA text mode).

5. Extended BIOS Data Area (EBDA): 0xC0000 - 0xC7FFF

   • About 32KB, storing some extended BIOS data and adapter BIOS code.

6. BIOS extension area: 0xC8000 - 0xEFFFF

   • Mainly used for BIOS and drivers of expansion cards (such as network adapters, SCSI controllers, etc.).

7. System BIOS: 0xF0000 - 0xFFFFF

   • 64KB, stores system BIOS code.
   • Provides basic system initialization, interrupt service routine, hardware control and other functions.

2.2 80386 Memory Addressing Mechanism

The Intel 80386 processor introduced a more advanced memory addressing mechanism, providing more powerful memory management and protection capabilities than its predecessors. The 80386 supports two main memory addressing modes:Real ModeandProtected ModeIn protected mode, a paging mechanism is introduced to further enhance memory management capabilities. The following is a detailed introduction:

1. Real mode

In real mode, the 80386 processor uses the same memory addressing method as the 8086/8088, using a 20-bit address bus and being able to access 1MB of memory. The address is calculated using the segment address and the offset address:

• Segment Address: Shift left 4 bits.
• Offset Address: Add to the left shift result of the segment address to get the 20-bit physical address.

物理地址 = (段地址 << 4) + 偏移地址

2. Protected Mode

Protected mode is the main working mode of the 80386 processor, which provides enhanced memory protection and management functions. Memory addressing in protected mode involves two layers of mechanisms:Segmentation mechanismandPaging mechanism。

2.1 Segmentation Mechanism

In protected mode, the 80386 processor uses segment selectors and segment descriptors to manage segments. Segment descriptors are stored in the global descriptor table (GDT) or the local descriptor table (LDT).

• Segment Selector: 16 bits, including three fields:

  • index: 13 bits, specifies the location of the segment descriptor in the GDT or LDT.
  • TI（Table Indicator）: 1 bit, indicating whether to use GDT (0) or LDT (1).
  • RPL（Requested Privilege Level）: 2 bits, specifying the requested privilege level.

• Segment Descriptor: 8 bytes, including the following fields:

  • Base Address: 32 bits, the starting address of the segment.
  • Segment Limit: 20 bits, segment size.
  • Access permissions and attributes: 12 bits, describing the segment type, privilege level, etc.

The linear address calculation under the segmentation mechanism is as follows:

线性地址 = 段基址 + 偏移地址

2.2 Paging Mechanism

The paging mechanism is another memory management method provided by the 80386 processor in protected mode. It realizes memory virtualization and protection by converting linear addresses into physical addresses. The paging mechanism involves page directories, page tables, and page frames.

• Page Directory: Contains page directory entries (PDEs), each PDE points to a page table.
• Page Table: Contains page table entries (PTEs), each PTE points to a page frame.
• Page Frame: The actual physical memory block, usually 4KB.

The address translation of the paging mechanism is as follows:

1. A linear address is divided into three parts: directory, table, and offset within the page.
2. The directory section indexes the page directory and finds the corresponding PDE.
3. The table part indexes the page table and finds the corresponding PTE.
4. The page offset is added to the page frame base address to obtain the physical address.

物理地址 = 页帧基址 + 页内偏移

Diagram of paging mechanism:

+----------------+----------------+----------------+
| 页目录（10位） | 页表（10位）   | 页内偏移（12位）|
+----------------+----------------+----------------+

3. 80386 Memory Management Unit (MMU)

The MMU (Memory Management Unit) of 80386 is responsible for address translation between segmentation and paging, and implements memory protection.

• CR0 Register: Control register used to enable/disable protection mode and paging.

  • PE bit (Protection Enable): Enable protected mode.
  • PG bit (Paging Enable): Enable paging.

• CR3 Register: The base address of the storage page directory.

• CR2 Register: Stores the linear address of the last page fault.

4. Protection Mechanism

In protected mode, the 80386 processor provides multiple protection mechanisms to ensure the security of memory and system:

• Privilege Levels: There are four levels from 0 to 3, with 0 being the highest. Controls access rights to code and data.
• Segment protection: Segment boundary checking and access control are implemented through the attribute field in the segment descriptor.
• Page Protection: Through the attribute fields in PTE, the read, write and execute permission control of the page is implemented.

2.3 Windows Memory Arrangement

1. Virtual Memory

The Windows operating system uses virtual memory management to combine physical memory (RAM) and virtual memory files (page files) on the hard disk to provide independent virtual address space for each process. Each process usually has 4GB of virtual address space (32-bit system), of which 2GB is used for user mode programs and 2GB is used for kernel mode. The virtual address space of 64-bit system is larger.

2. Virtual Address Space Layout

The virtual address space is divided into user mode and kernel mode areas:

User Mode Address Space

• 0x00000000 - 0x7FFFFFFF: User mode address space, for use by applications.
• Heap: Dynamic memory allocation area, where applications allocate and release memory at runtime.
• Stack: Each thread has its own stack for function calls and local variables.
• Shared memory: Data segment shared between different processes.

Kernel Mode Address Space

• 0x80000000 - 0xFFFFFFFF: Kernel-mode address space, used by the operating system kernel and drivers.
• Kernel code and data: The code and global data of the operating system kernel.
• System Cache: Used for file system caching to improve file access performance.
• Device Drivers: Driver code and data.

3. Memory Paging

Windows uses paging mechanism to manage memory and convert virtual address into physical address. The basic unit of paging is page, which is usually 4KB.

Page table structure

• Page Directory: Contains page directory entries (PDEs), pointing to page tables.
• Page Table: Contains page table entries (PTEs) that point to actual physical memory pages.

4. Memory Management Unit (MMU)

The processor's memory management unit (MMU) is responsible for translating virtual addresses into physical addresses, performing page replacement, and memory protection. The Windows operating system uses the MMU to implement the following functions:

• Address Translation: Map virtual addresses to physical addresses.
• Memory protection: Controls the access rights of a page (read, write, execute).
• Page Replacement: Swap infrequently used pages to the hard disk's paging file to free up physical memory.

5. Memory Protection

The Windows operating system protects memory through the following mechanisms:

• Privilege Level: Ensures that user-mode programs cannot directly access kernel-mode memory.
• Page permissions: Controls the access type (read, write, execute) of each page.
• Access control: The operating system kernel sets access permissions to prevent unauthorized memory access.

6. Memory Allocation

Windows uses a variety of strategies and data structures for memory allocation:

• Paging Allocator: Manages the allocation and deallocation of virtual memory pages.
• Heap Manager: Provides efficient memory allocation and recycling for applications.
• Kernel memory allocator: Manages kernel-mode memory, including pool allocators and nonpaged pool.

7. Memory Management API

Windows provides a set of memory management APIs for use by applications and the system:

• VirtualAlloc/VirtualFree: Allocate and release virtual memory.
• HeapAlloc/HeapFree: Allocate and free memory on the heap.
• GlobalAlloc/GlobalFree: Allocate and release global memory blocks.
• LocalAlloc/LocalFree: Allocate and free local memory blocks.

8. Page File

Windows uses a page file (Pagefile.sys) as part of virtual memory to swap infrequently used pages into the page file when physical memory is low. The location and size of the page file can be configured by the user.

3. Windows Privilege Protection

3.1 80386 Interrupts and Exceptions

1. Classification of interrupts and exceptions

Interrupts and exceptions can be divided into the following categories:

1. Hardware Interrupts: Sent by external devices, such as keyboard, mouse, hard disk, etc.
2. Software Interrupts: By software INT Command trigger.
3. Exceptions: Caused by errors or special conditions detected by the processor, such as division by zero error, page fault, etc.

2. Interrupt Vector Table (IVT)

The 80386 processor uses an Interrupt Vector Table to manage interrupts and exceptions. The IVT is a table containing 256 entries, each of which occupies 4 bytes and stores the address of the interrupt or exception handler. The base address of the IVT is stored in the IDTR (Interrupt Descriptor Table Register).

3. Interrupt Descriptor Table (IDT)

In protected mode, the 80386 processor uses an interrupt descriptor table (IDT) to store interrupt and exception handlers. The IDT contains interrupt gate, trap gate, and task gate descriptors, each of which occupies 8 bytes.

• Interrupt Gate: Used for hardware and software interrupts, automatically clearing IF (interrupt flag).
• Trap Gate: Used for exception handling, does not clear IF.
• Task Gate: Used to switch tasks.

The base address and limits of the IDT are stored in the IDTR.

4. Interrupt handling process

When an interrupt or exception occurs, the 80386 processor performs the following steps:

1. Saving Context: Save the current CS (code segment register), EIP (instruction pointer register) and EFLAGS (flag register) to the stack.
2. Find IDT: According to the interrupt or exception number, find the corresponding descriptor from the IDT.
3. Check permissions: Check the current privilege level (CPL) and the target privilege level (DPL) to ensure legal permission transfer.
4. Jump to handler: Load new CS and EIP and jump to the interrupt or exception handler.
5. Handling interrupts or exceptions: Execute the handler code.
6. Restoring Context:pass IRET The instruction restores CS, EIP, and EFLAGS to the state before the interrupt or exception occurred.

5. Exception Types

The 80386 processor supports multiple exceptions, each with different error codes and handling methods:

1. Faults: A recoverable exception occurs and when the handler returns, the instruction that caused the exception is re-executed.
2. Traps: An exception used for debugging or tracing. When the handler returns after it occurs, execution continues to the next instruction.
3. Aborts: Serious error, usually unrecoverable.

Common exceptions include:

• Divide Error: Raised when the divisor is zero.
• Single Step: Used for debugging, triggered when executing single step.
• Breakpoint: Raised when debugging a breakpoint.
• Overflow:use INTO Raised when an instruction detects an overflow.
• Bounds Check (BOUND Range Exceeded): Raised when array access is out of bounds.
• Invalid Opcode: Raised when an illegal instruction is executed.
• Device Not Available: Raised when the coprocessor is not available.
• Double Fault: An exception is raised again while handling an exception.
• Coprocessor Segment Overrun: Raised by coprocessor operation.
• Invalid TSS: Raised when the task status segment is illegal.
• Segment Not Present: Raised when accessing a non-existent segment.
• Stack Fault: Raised when a stack operation error occurs.
• General Protection Fault: Raised when a protection rule is violated.
• Page Fault: Raised when a paging operation is abnormal.

6. Interrupt and exception handlers

Interrupt and exception handlers are special routines that are used to handle specific interrupts or exceptions. They are usually provided by the operating system and are responsible for restoring the system state, logging error information, and performing necessary recovery operations or interrupt responses.

7. Interrupt priority and masking

The 80386 processor supports interrupt priority and masking mechanisms, and manages the priority and masking of hardware interrupts through the PIC (Programmable Interrupt Controller). High-level interrupts can interrupt the processing of low-level interrupts, ensuring that critical events can be responded to in a timely manner.

3.2 80386 Protection Mechanism

1. Segment protection

The 80386 processor uses a segmentation mechanism to manage memory. Each segment has a descriptor that contains the segment's base address, limits, and access permissions. Segmentation protection ensures that a process can only access the memory area it is authorized to access.

Segment Descriptor

Segment descriptors are stored in the Global Descriptor Table (GDT) and the Local Descriptor Table (LDT). Each descriptor contains the following information:

• Base Address: The starting address of the segment.
• Limit: The size of the segment, indicating the end address of the segment.
• Type and DPL: Segment type (code segment, data segment, system segment) and access rights.
• Segment presence bit (P): Whether the segment is in memory.

Implementation of segment protection

When accessing memory, the processor looks up the segment descriptor based on the segment selector and performs the following checks:

1. Base address and bounds checking: Make sure the access address is within the range of the segment.
2. Permission Check: Ensure that the access rights match the type and privilege level in the descriptor.

2. Paging protection

The paging mechanism further refines memory management, and each page has its own access rights. The paging protection mechanism is implemented through page directories and page tables.

Page Directory and Page Table

• Page Directory: Contains page directory entries (PDEs), pointing to page tables.
• Page Table: Contains page table entries (PTEs) that point to actual physical memory pages.

Each page table entry contains the following information:

• Page base address: The starting address of the physical memory page.
• Presence bit (P): Whether the page is in memory.
• Read/Write bit (R/W): Whether the page is writable.
• User/Superuser Bit (U/S): Access permissions for the page.

Implementation of Paging Protection

When accessing memory, the processor performs the following checks:

1. Page existence check: Check if the page is in memory. If not, a page fault is triggered.
2. Read/Write Check: Checks whether the page is writable. If an attempt is made to write to a non-writable page, a protection fault is triggered.
3. User/Superuser Check: Check access permissions to ensure that user-mode code cannot access kernel-mode pages.

3. Privilege Level

The 80386 processor supports four privilege levels, from 0 to 3, with lower levels indicating higher privileges.

• Privilege Level 0 (Ring 0): The highest privilege level, usually used for the operating system kernel.
• Privilege Level 1 (Ring 1)andPrivilege Level 2 (Ring 2): Intermediate privilege level, rarely used.
• Privilege Level 3 (Ring 3): The lowest privilege level, typically used for user-mode applications.

Implementation of privilege levels

Privilege levels are implemented through the following mechanisms:

1. Code Privilege Level (CPL): The privilege level of the code currently executing.
2. Data Segment Privilege Level (DPL): The privilege level of the data segment, which determines which CPLs can access the segment.
3. Requested Privilege Level (RPL): The privilege level of the segment selector, indicating the permission to request access.

When performing an access operation, the processor checks the CPL, DPL, and RPL to ensure that the privilege level rules are met. If not, a General Protection Fault is triggered.

4. System Segment and Gate Descriptors

The 80386 processor supports system segment and gate descriptors to implement task switching and interrupt handling.

System segment

• Task State Segment (TSS): Contains the context information of the task, used for task switching.
• Local Descriptor Table (LDT): Contains task-specific segment descriptors.

Gate Descriptor

• Interrupt Gate: Used for interrupt processing, jump to the interrupt handler.
• Trap Gate: Used for exception handling, does not mask interrupts.
• Task Gate: Used for task switching, switching tasks through TSS.

5. Task switching

The 80386 processor supports hardware task switching, which is implemented through the Task State Segment (TSS). Task switching can be triggered by interrupts, exceptions, or task gates.

Task State Segment (TSS)

TSS contains the register status, segment registers, stack pointer, and task link of the task. When the task is switched, the processor saves the status of the current task to TSS and loads the status of the new task.

The process of task switching

1. Save the current task status: Save the registers and segment registers of the current task to TSS.
2. Loading new task status: Load registers and segment registers from the new task's TSS.
3. Update Task Register (TR): Points to the TSS of the new task.

6. Interrupt and exception handling

Interrupt and exception handling are an important part of the 80386 processor protection mechanism. Interrupts and exceptions are managed by the Interrupt Descriptor Table (IDT), and permission checks and context switches are performed during processing.

Interrupt and exception handling

1. Saving Context: Save the current CS, EIP and EFLAGS to the stack.
2. Find IDT: According to the interrupt or exception number, find the corresponding descriptor from the IDT.
3. Permission Check: Check CPL and DPL to ensure legal permission conversion.
4. Jump to handler: Load new CS and EIP and execute the handler.
5. Restoring Context:pass IRET Restore CS, EIP, and EFLAGS to the state before the interrupt or exception occurred.

3.3 Windows protection mechanism

1. User mode and kernel mode

The Windows operating system divides the processor's execution mode into user mode and kernel mode:

• User Mode: Runs applications with restricted access rights and cannot directly access hardware or kernel data structures.
• Kernel Mode: Runs core operating system components and device drivers, has full access rights, and can execute privileged instructions.

Switching between user mode and kernel mode

Switching between user mode and kernel mode is usually achieved through system calls. Applications request kernel services by calling system APIs, and the operating system switches the request to kernel mode for processing.

2. Memory protection

Virtual Memory

Windows uses a virtual memory mechanism to provide each process with an independent address space. This mechanism prevents processes from directly accessing each other's memory, thereby improving system security and stability.

• Page Table: Each process has an independent page table that maps virtual addresses to physical addresses.
• Page Swap: When physical memory is insufficient, the operating system swaps infrequently used pages to the paging file on the hard disk.

Memory Segments

Windows uses memory segments to divide different types of data and code, and each segment has different access rights and protection mechanisms. For example, the code segment is read-only, while the data segment is readable and writable.

3. Access Control

The Windows operating system uses access control lists (ACLs) to manage the access permissions of users and processes to resources.

Security Identifier (SID)

Every user, group, and computer has a unique security identifier (SID) that identifies it.

Access Control List (ACL)

Each object (such as a file, directory, registry key, etc.) has an access control list, which contains a set of access control entries (ACEs) that define the access rights that different users and groups have to that object.

4. Privilege Management

Windows controls processes and the actions that users can perform through privilege management. Certain privileges are only granted to specific user groups (such as administrators), such as installing drivers, accessing system logs, etc.

security strategy

Windows provides a series of security policies that can configure User Account Control (UAC), password policy, audit policy, etc. to enhance system security.

5. Interrupt and exception handling

The Windows operating system uses interrupt and exception handling mechanisms to manage hardware interrupts, software interrupts, and processor exceptions.

Interrupt handling

The Interrupt Service Routine (ISR) is responsible for handling hardware interrupts and ensuring that external devices can respond in a timely manner.

Exception handling

The exception handler handles processor exceptions, such as division by zero errors, page faults, etc., to ensure that the system can take appropriate recovery measures when an exception occurs.

6. Multitasking

Windows allows multiple processes and threads to run simultaneously through a multitasking mechanism. The operating system uses a scheduler to manage the execution of processes and threads to ensure that system resources are fairly distributed.

Thread Scheduling

Windows uses a priority scheduling algorithm to allocate CPU time slices based on the thread's priority and state (such as ready, waiting, running, etc.).

Process Isolation

Each process has independent virtual address space and resources, which prevents one process from affecting the operation of another process and improves system stability.

7. Security Features

Windows provides a series of security features, such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR), to enhance the system's protection capabilities.

Data Execution Prevention (DEP)

DEP prevents code from executing in the data segment by marking certain memory areas as non-executable through a combination of hardware and software.

Address Space Layout Randomization (ASLR)

ASLR randomizes the memory address space of a process, making it more difficult for attackers to exploit vulnerabilities.